Malicious code frequently included with screensavers and other free software can surreptitiously make any number of changes to Chrome settings. Injecting ads into webpages and blocking the ability to revert settings to those previously chosen by the user are two of the more common ways unscrupulous developers tamper with browser options. The hijackings were among the top issues users reported in Chrome help forums when the reset button was introduced in October. Upson explained:

Despite this, settings hijacking remains our number one user complaint. To make sure the reset option reaches everyone who might need it, Chrome will be prompting Windows users whose settings appear to have been changed if they’d like to restore their browser settings back to factory default. If you’ve been affected by settings hijacking and would like to restore your settings, just click “Reset” on the prompt below when it appears.

Note that this will disable any extensions, apps, and themes you have installed. If you’d like to reactivate any of your extensions after the reset, you can find and re-enable them by looking in the Chrome menu under “More tools > Extensions.” Apps are automatically re-enabled the next time you use them.

Some hijackers are especially pernicious and have left behind processes that are meant to undermine user control of settings, so you may find that you’re hijacked again after a short period of time. If that happens you can find additional help uninstalling such programs in the Chrome help forum—and remember even if you don’t see the prompt, you can always restore Chrome to a fresh state by clicking the reset button in your Chrome settings.

It's not immediately clear what effect the new warnings might have on Chrome extensions that have been updated to include adware. As Ars reported last month, some adware developers are buying popular extensions and updating them to inject ads into webpages. As Upson explained, however, users who are in doubt about the integrity or trustworthiness of a previously installed extension can use the reset button to disable extensions and later reactivate them if they're deemed safe.

Promoted Comments

That looks like the kind of message I tell my mum to avoid, or to talk about with me before she does anything. Not sure if I'd bother teaching her how to identify it, as I'd assume someone will develop malware to closely resemble it. May not be as useful as intended.

So how should the box look to give confidence that it is real? More to the point, what will stop malware writers from mimicking any design of a valid message, causing more erosion of trust?

I bring these questions up non-sarcastically, because this issue extends well beyond Chrome. Windows UAC boxes have been spoofed, so people distrust those. Legitimate AV software warnings are seen as suspicious, and users may not do anything to stop actual attacks.

I don't have answers here, but it's an issue that I'm sure is on the minds of a lot of people in the industry.

That looks like the kind of message I tell my mum to avoid, or to talk about with me before she does anything. Not sure if I'd bother teaching her how to identify it, as I'd assume someone will develop malware to closely resemble it. May not be as useful as intended.

What do you want them to do, then? They're damned if they do and damned if they don't.

Do: "Oh, people are going to ignore that because it looks fishy even though it's not."

Don't: "Oh, people don't fix these problems because there's no easy way for them to fix it."

The only winning move is not to play.

No, the only winning move is to design a browser that makes you have to confirm all changes to the browser and all extensions the first time that they are run. Best policy would be to add a 'confirm to run on update' as well.

I don't see a way to do this so long as the browser settings are stored in a location where you, the user, have access to write the settings.

Google could do something like require privilege elevation to write the settings. But then you're stuck with elevation prompts to save the data. Those prompts just annoy users. I honestly don't see a good solution to this.